CVE-2017-11317
CRITICAL | CISA KEV | 9.8
Description
Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
CVE Details
CVSS v3.1 score: 9.8
Severity: CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 8/23/2017
Last modified: 10/22/2025
Source: kev
Honeypot observations: 0
CISA KEV
Vendor: Telerik
Product: User Interface (UI) for ASP.NET AJAX
Vulnerability name: Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability
Date added to KEV: 2022-04-11
Remediation due date: 2022-05-02
Used in ransomware: Unknown
Affected products
telerik:ui_for_asp.net_ajax
Weaknesses (CWE)
CWE-326
References
http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html (cve@mitre.org)
http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload (cve@mitre.org)
https://www.exploit-db.com/exploits/43874/ (cve@mitre.org)
http://packetstormsecurity.com/files/159653/Telerik-UI-ASP.NET-AJAX-RadAsyncUpload-Deserialization.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.telerik.com/support/kb/aspnet-ajax/upload-%28async%29/details/unrestricted-file-upload (af854a3a-2127-422b-91ae-364da2661108)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0006 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/43874/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-11317 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.